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Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in this 
application. Added text is indicated by underlining, and deleted text is indicated by 
strikethrough . Changes are identified by a vertical bar at the left edge of text. 

Listing of Claims: 

1-14. (canceled). 
15. (canceled). 
16-22. (canceled) 

1 23. (currently amended) A storage system for processing a command 

2 transmitted by a host computer, said storage system comprising: 

3 a storage apparatus to which the host computer is connected by a network and 

4 which stores data to be processed in accordance with said command; 

5 means for receiving an iSCSI login request transmitted from the host computer; 

6 • means for determining a first determination whether or not a source address 

7 included in an IP header of the iSCSI login request is an IP address in the same network as a port 

8 of the storage apparatus; 

9 means for obtaining a MAC address assigned to the port of the host computer 

1 0 when the source address included in the IP header is not an IP address in the same network as the 

1 1 port of the storage apparatus as a result of the first determination; 

1 2 means for determining a second determination whether or not the MAC address 

1 3 has been cataloged in an access management table that defines the MAC addresses identifying 

1 4 the host computer by IP address; 

1 5 means for approving an access by said iSCSI login request from the host 

1 6 computer to the storage apparatus when the MAC address has been cataloged in the access 

1 7 management table as a result of the second determination; 
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1 8 means for determining a third determination whether or not a logical unit (LU) 

19 specified by the command has been cataloged in the access management table as the LU 

20 associated with the source IP address of a frame included within the command; 

21 means for performing said second determination and said third determination in 

22 accordance with a source MAC address in the frame of the iSCSI login request sent from said 

23 host computer and cataloged in said access management table; and 

24 means for accessing the LU to process the command when said LU has been 

25 cataloged in the access management table as a result of the third determination; 

26 wherein a MAC address is obtained from said host comput er bv adoption of a 

27 protocol based on an iSCSI text mode negotiation , 

1 24. (previously presented) A storage system according to claim 23, wherein a 

2 request is given to a SNMP manager that transmits a request to the host computer to acquire a 

3 Management Information Base data for the source IP address included in the iSCSI login request 

4 to obtain the MAC address. 

1 25. (previously presented) A storage system according to claim 23, wherein a 

2 MAC address is obtained from said host computer by adoption of a protocol based on an iSCSI 

3 text mode negotiation. 

1 26. (previously presented) A storage system according to claim 23, further 

2 comprising: 

3 a control memory for recording log data that the iSCSI login request has been 

4 made from a port of another network when the source address included in the IP header were not 

5 the IP address in the same network as the port of the storage apparatus according to said the first 

6 determination means. 

1 27. (previously presented) A storage system according to claim 24, further 

2 comprising: 
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3 means for determining whether or not a predetermined time has lapsed without a 

4 response received from the host computer, wherein said second determination is performed if the 

5 storage apparatus receives an SNMP response to a SNMP request to the host computer without 

6 causing a timeout. 

1 28. (previously presented) A storage system according to claim 23, further 

2 comprising, 

3 a control memory for recording log data indicating that the access from said host 

4 computer has not been approved therein, 

5 wherein processing of the command is not carried out if the requested access is 

6 determined to be a disallowed access to the LU by the third determination means. 

1 29. (currently amended) An access control management method for 

2 processing a command comprising an access request transmitted by a host computer to a storage 

3 apparatus by way of a network, said access control management method comprising the steps of: 

4 receiving an iSCSI login request transmitted from the host computer; 

5 determining a first determination as to whether or not a source address included in 

6 an IP header of the iSCSI login request is an IP address in the same network as a port of the 

7 storage apparatus; 

8 obtaining a MAC address assigned to the port of the host computer when the 



9 source address included in the IP header is not an IP address in the same network as the port of 

1 0 the storage apparatus as a result of the first determination; 

1 1 determining a second determination as to whether or not the MAC address has 

1 2 been cataloged in an access management table that defines the MAC addresses identifying the 

1 3 host computer by IP address; 

1 4 approving an access by said iSCSI login request from the host computer to the 

1 5 storage apparatus when the MAC address has been cataloged in the access management table as 

1 6 a result of said second determination; 
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17 determining a third determination as to whether or not a logical unit (LU) § 

1 8 specified by the command has.been cataloged in the access management table as the LU 

1 9 associated with the source IP address of a frame included within the command; 

20 performing said second determination and said third determination in accordance 

2 1 with a source MAC address in the frame of iSCSI login request sent from said host computer and 

22 cataloged in said access management table; and 

23 . accessing to the LU to process the command when said LU has been cataloged in- 

24 the access management tables as a result of the third determination; 

25 wherein a MAC address is obtained from said host computer bv adoption of a 

26 protocol based on an iSCSI text mode negotiation . 

1 30. (previously presented) An access control management method according 

2 to claim 29, wherein a request is given to a SNMP manager that transmits a request to the host 

3 computer to acquire an MIB for the source IP address included in the iSCSI login request to 

4 obtain the MAC address. 



1 



3 1 . (previously presented) An access control management method according 

2 to claim 29, wherein log data that the iSCSI login request has been made from a port of another 

3 network is recorded in a control memory if the source address included in the IP header were not 

4 the IP address in the same network as the port of the storage apparatus according to said the first 

5 determination. 



1 



3 



32. (previously presented) An access control management method according 



2 to claim 30, further comprising: 



determining whether or not a predetermined time has lapsed without a response 

4 received from the host computer, wherein said second determination is performed if the storage 

5 apparatus receives an SNMP response to a SNMP request to the host computer without causing a 

6 timeout. 
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1 33. (previously presented) An access control management method according 

2 to claim 29, wherein log data indicating that the access from said host computer has not been 

3 approved is recorded in a control memory and processing of the command is not carried out if 

4 the requested access is determined to be a disallowed access to the LU on the third 

5 determination: 
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